package com.example.controller;

import com.example.domain.ResponseCode;
import com.example.domain.ResponseResult;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * 基于注解的权限控制
 * 基于配置的权限控制
 */
@RestController
@RequestMapping("/hello")
public class HelloController {

    /**
     * 基于注解的权限控制
     *
     * @return
     */
    @GetMapping
//    @PreAuthorize("hasAuthority('system:test:list')") // 角色权限
    @PreAuthorize("@expressionRoot.hasAuthority('system:test:list')") // 自定义权限
    public ResponseResult hello() {
        return new ResponseResult(
                ResponseCode.GET_SUCCESS,
                "查询成功",
                "hello world!"
        );
    }

    /**
     * 基于配置的权限控制
     *
     * @return
     */
    @GetMapping("/admin")
    public ResponseResult admin() {
        return new ResponseResult(
                ResponseCode.GET_SUCCESS,
                "查询成功",
                "hello admin!"
        );
    }

}
